System and Method for Differential Malware Scanner

2. The system according to claim 1, wherein the processor is programmed to scan the plurality of chunks by calculating an information gain of each of the plurality of chunks and scoring each of the plurality of chunks based on the information gain of each of the plurality of chunks.

3. The system according to claim 2, wherein the processor is configured to predict whether the downloaded file is malicious based on the scores of each of the plurality of chunks.

4. The system according to claim 3, wherein the processor is configured to score each of the plurality of chunks and predict whether the downloaded file is malicious by applying a machine learning model to the plurality of chunks.

5. The system according to claim 4, wherein the processor is further configured to update the machine learning model and distribute the updated machine learning model to the user device and other user devices.

7. The method according to claim 6, wherein scanning the plurality of chunks includes calculating an information gain of each of the plurality of chunks and scoring each of the plurality of chunks based on the information gain of each of the plurality of chunks.

8. The method according to claim 7, wherein predicting whether the downloaded file is malicious is based on the score of each of the plurality of chunks.

9. The method according to claim 7, wherein scoring each of the plurality of chunks and predicting whether the downloaded file is malicious includes applying a machine learning model to the plurality of chunks.

10. The method according to claim 9, further comprising updating the machine learning model and distributing the updated machine learning model to a user device.

11. The method according to claim 6, wherein determining whether the downloaded file is malicious includes comparing a predicted probability that the downloaded file is malicious against a predetermined threshold probability, wherein the downloaded file is determined to be malicious if the predicted probability exceeds the predetermined threshold and is determined to be not malicious if the predicted probability is at or below the predetermined threshold.

13. The non-transitory computer-readable medium according to claim 12, wherein scanning the plurality of chunks includes calculating an information gain of each of the plurality of chunks and scoring each of the plurality of chunks based on the information gain of each of the plurality of chunks.

14. The non-transitory computer-readable medium according to claim 13, wherein predicting whether the downloaded file is malicious is based on the score of each of the plurality of chunks.

15. The non-transitory computer-readable medium according to claim 13, wherein scoring each of the plurality of chunks and predicting whether the downloaded file is malicious includes applying a machine learning model to the plurality of chunks.

16. The non-transitory computer-readable medium according to claim 15, wherein the method further comprises updating the machine learning model and distributing the updated machine learning model to a user device.

17. The non-transitory computer-readable medium according to claim 12, wherein determining whether the downloaded file is malicious includes comparing a predicted probability that the downloaded file is malicious against a predetermined threshold probability, wherein the downloaded file is determined to be malicious if the predicted probability exceeds the predetermined threshold and is determined to be not malicious if the predicted probability is at or below the predetermined threshold.